package org.jackysoft.config;

import java.util.ArrayList;

import javax.annotation.Resource;

import org.jackysoft.security.config.MultiUrlAuthenticationSuccessHandler;
import org.jackysoft.security.handler.CustomWebSecurityExpressionHandler;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.access.AccessDecisionVoter;
import org.springframework.security.access.expression.method.MethodSecurityExpressionHandler;
import org.springframework.security.authentication.AuthenticationProvider;
/**
 * 
 * Cas Client 端配置
 * 
 * */
@Configuration
public class CasClientConfiguration {
	
	private static final Logger logger  = LoggerFactory.getLogger(CasClientConfiguration.class);
	
	
	@Resource(name="commonConfiguration")
	private CommonConfiguration common;
	@Resource(name="casAuthenticationProvider")
	private AuthenticationProvider authenticationProvider;
	
	@Resource(name="expressionHandler")
	MethodSecurityExpressionHandler  exreessHandler;
	
	
	@Bean
	public org.springframework.security.authentication.ProviderManager casAuthenticationManager(){
			
     	return new org.springframework.security.authentication.ProviderManager(new ArrayList<AuthenticationProvider>(){
     		
			/**
			 * 
			 */
			private static final long serialVersionUID = -4660730019903524828L;

			{
     			add(authenticationProvider);
     		}
     	});
		
		
	}
	
	
	
	@Bean
	public org.springframework.security.web.authentication.session.ConcurrentSessionControlStrategy sessionAuthenticationStrategy(){
		org.springframework.security.web.authentication.session.ConcurrentSessionControlStrategy cs = 
				new org.springframework.security.web.authentication.session.ConcurrentSessionControlStrategy(sessionRegistry());
		cs.setMaximumSessions(1);
		return cs;
		
	}
	
	@Bean 
	public org.springframework.security.core.session.SessionRegistryImpl sessionRegistry(){
		return new org.springframework.security.core.session.SessionRegistryImpl();
	}
	
	@Bean
	public org.springframework.security.web.session.ConcurrentSessionFilter concurrencyFilter(){
		org.springframework.security.web.session.ConcurrentSessionFilter cs  =
				new org.springframework.security.web.session.ConcurrentSessionFilter(sessionRegistry(),"/session-expired.jsp");
	    return cs;
	}
	
	@Resource(name="webSecurityExpressionHandler")
	protected CustomWebSecurityExpressionHandler  webExpressHanlder;
	
	@Bean
	public org.springframework.security.web.access.expression.WebExpressionVoter webExpressVoter(){
	    org.springframework.security.web.access.expression.WebExpressionVoter  voter =  new org.springframework.security.web.access.expression.WebExpressionVoter();
		voter.setExpressionHandler(webExpressHanlder);
	    return voter;
	}
	
	@Bean
	public org.springframework.security.access.vote.RoleVoter roleVoter(){
		org.springframework.security.access.vote.RoleVoter rv  = 
				new org.springframework.security.access.vote.RoleVoter();
		rv.setRolePrefix("ROLE_");
		
		return rv;
	}
	
	@Bean 
	public org.springframework.security.access.vote.AuthenticatedVoter authenticatedVoter(){
		return 	new org.springframework.security.access.vote.AuthenticatedVoter();
		
	}
	
	@Bean
	public org.springframework.security.access.vote.ConsensusBased accessDecisionManager(){
		org.springframework.security.access.vote.ConsensusBased cb = 
				new org.springframework.security.access.vote.ConsensusBased(new ArrayList<AccessDecisionVoter>(){
					/**
					 * 
					 */
					private static final long serialVersionUID = 3012592593141572638L;

					{
						add(roleVoter());
						add(authenticatedVoter());
						add(webExpressVoter());
					}
				});
		return cb;
	}
	
	@Bean
	public org.jasig.cas.client.proxy.ProxyGrantingTicketStorage proxyGrantingTicketStorage(){
		return new org.jasig.cas.client.proxy.ProxyGrantingTicketStorageImpl();
		
	}
	
	@Bean 
	public org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler authenticationFailureHandler(){
		
		return new org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler("/casfailed.jsp");
	
	}	
	
	@Bean 
	public MultiUrlAuthenticationSuccessHandler authenticationSuccessHandler(){
	     return new MultiUrlAuthenticationSuccessHandler("/index.jsp");	
	}
	
	@Bean
	public org.jasig.cas.client.session.SingleSignOutFilter singleLogoutFilter(){
		org.jasig.cas.client.session.SingleSignOutFilter sso = new org.jasig.cas.client.session.SingleSignOutFilter();
		return sso;
	}
	
	
	private @Value("${cas.logouturl}") String logoutUrl;
	@Bean 
	public org.springframework.security.web.authentication.logout.LogoutFilter requestSingleLogoutFilter(){
		
	
		
		org.springframework.security.web.authentication.logout.LogoutFilter lf = 
				new org.springframework.security.web.authentication.logout.LogoutFilter(logoutUrl, securityContextLogoutHandler());
		
		return lf;
		
	}
	
	@Bean 
	public org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler securityContextLogoutHandler(){
		org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler scl
		 = new org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler();
		return  scl;
	}
	
	

	@Bean
	public org.springframework.security.cas.ServiceProperties serviceProperties(){
		
		   
		org.springframework.security.cas.ServiceProperties sp = 
				new org.springframework.security.cas.ServiceProperties();
		logger.info("web context root url is set to  {}",common.rootUrl());
		String service = common.rootUrl() + "/j_spring_cas_security_check";
		sp.setService(service);
		sp.setSendRenew(false);
		return sp;
	}
 
	
}
